
import dpkt
from scapy.all import rdpcap
import re

def analyze_pcap(file_path):
    # 基础统计
    with open(file_path, 'rb') as f:
        pcap = dpkt.pcap.Reader(f)
        for ts, buf in pcap:
            eth = dpkt.ethernet.Ethernet(buf)
            if isinstance(eth.data, dpkt.ip.IP):
                ip = eth.data
                print(f"Protocol: {'TCP' if ip.p==6 else 'UDP'}, Src: {ip.src}, Dst: {ip.dst}")

    # 深度检测
    # packets = rdpcap(file_path)
    # suspicious = [pkt for pkt in packets if pkt.haslayer('TCP') and pkt['TCP'].flags == 0x29]  # 检测异常TCP标志
    # print(f"Found {len(suspicious)} suspicious packets.")

    # 深度检测 - SQL注入检测
    packets = rdpcap(file_path)
    sqli_packets = [pkt for pkt in packets if detect_sqli(pkt)]
    print(f"Found {len(sqli_packets)} potential SQL injection packets.")
    if len(sqli_packets) > 0:
        return True
    else:
        return False
# 调用下载函数
analyze_pcap("E:\\workplace\\文档管理\\拨测工具\\第二轮提测\\物联网-评测检测工具样包 20230818 v1.9(1)\\0109注入攻击\\sql_injection_0.pcap")